<?php

  require_once "Mail.php";
  require_once('user_service_php.php');

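  /**
   * Create a pending (unverified) registration and e-mail its confirmation link.
   *
   * The name is rejected when it is already present in User or UnverifiedUser.
   * Otherwise a row carrying a fresh confirmation code is inserted into
   * UnverifiedUser and sendVerificationEmail() is called for it.
   *
   * @param string $user     Requested user name (untrusted input).
   * @param string $password Requested password (untrusted input).
   * @param string $email    Address the confirmation link is sent to (untrusted input).
   * @return string Output of sendVerificationEmail() when the insert succeeded,
   *                followed by one "<key>value</key>\n" line per result field
   *                (returncode, plus errormessage on rejection).
   */
  function registerNewUser($user, $password, $email) {
    $return_string = "";
    $return_val = array();

    // Every argument ends up inside a quoted SQL literal. The legacy mysql_*
    // API has no prepared statements, so each value is escaped for the current
    // connection before it is concatenated. Escaping is only charset-safe when
    // the connection charset was set with mysql_set_charset(); moving to
    // mysqli/PDO prepared statements is the durable fix.
    $user_sql = mysql_real_escape_string($user);
    $password_sql = mysql_real_escape_string($password);
    $email_sql = mysql_real_escape_string($email);

    // Check whether the user already exists
    $result = mysql_query("SELECT name FROM User WHERE name = '" . $user_sql . "'");
    if ($result === false) {
      // A failed lookup must not be read as "name is free".
      $return_val['returncode'] = "false";
      $return_val['errormessage'] = "Database error";
    } elseif (mysql_num_rows($result) > 0) {
      $return_val['returncode'] = "false";
      $return_val['errormessage'] = "User exist";
    } else {
      $result = mysql_query("SELECT name FROM UnverifiedUser WHERE name='" . $user_sql . "'");
      if ($result === false) {
        $return_val['returncode'] = "false";
        $return_val['errormessage'] = "Database error";
      } elseif (mysql_num_rows($result) > 0) {
        $return_val['returncode'] = "false";
        $return_val['errormessage'] = "User exist, but unverified";
      } else {
        // md5(uniqid(rand())) is built from the clock and a non-cryptographic
        // PRNG, so the code that activates an account is guessable. Use a
        // CSPRNG when the runtime offers one; every branch produces 32 lowercase
        // hex characters, the same shape as the md5 value it replaces.
        $random = false;
        if (function_exists('random_bytes')) {
          try {
            $random = random_bytes(16);
          } catch (Exception $e) {
            $random = false;
          }
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
          $random = openssl_random_pseudo_bytes(16);
        }
        if (is_string($random) && strlen($random) === 16) {
          $confirm_code = bin2hex($random);
        } else {
          $confirm_code = md5(uniqid(rand()));
        }

        // NOTE(review): the password is written to UnverifiedUser as received
        // (not hashed), and verifyUser() reads it back later. Anyone with read
        // access to that table sees the clear-text value until verification.
        $query = "INSERT INTO UnverifiedUser (name, password, email, "
               . "confirm_code) VALUES('"
               . $user_sql . "', '" . $password_sql . "','" . $email_sql
               . "','" . $confirm_code . "')";
        $result = mysql_query($query);
        if ($result) {
          $return_val['returncode'] = "true";
          $return_string .= sendVerificationEmail($user, $email);
        } else {
          $return_val['returncode'] = "false";
        }
      }
    }

    // Keys and values are fixed strings set above, so no escaping is needed here.
    foreach ($return_val as $key => $value) {
      $return_string .= "<" . $key . ">" . strval($value)
                      . "</" . $key . ">\n";
    }

    return $return_string;
  }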

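  /**
   * E-mail the confirmation link of a pending registration.
   *
   * Looks up the confirmation code stored in UnverifiedUser for the given
   * name/e-mail pair and sends it through PEAR Mail over authenticated SMTP.
   *
   * @param string $user  User name of the pending registration (untrusted input).
   * @param string $email Recipient address (untrusted input).
   * @return string An XML error fragment when no matching pending row is found,
   *                otherwise a "<p>…</p>" fragment describing the send result.
   */
  function sendVerificationEmail($user, $email) {
    // Both values are placed inside quoted SQL literals, so escape them for the
    // current connection; the mysql_* API offers no parameter binding.
    $query = "SELECT confirm_code FROM UnverifiedUser "
           . "WHERE name='" . mysql_real_escape_string($user) . "' "
           . "AND email='" . mysql_real_escape_string($email) . "'";
    $result = mysql_query($query);
    // A failed query is reported the same way as "no row" instead of being
    // passed on to mysql_num_rows().
    if ($result === false || mysql_num_rows($result) == 0) {
      // error
      return "<returncode>0</returncode>\n"
           . "<errormessage>No such unverified user!</errormessage>";
    }
    $result_row = mysql_fetch_assoc($result);
    $confirm_code = $result_row['confirm_code'];

    $from = "COBL <sands.ntu@gmail.com>";
    $to = $email;
    $subject = "COBL User Confirmation";
    // NOTE(review): the link is plain http, so the confirmation code is sent
    // unencrypted when the user clicks it.
    $body = "Hi $user,\n"
        . "To confirm your user registration please click on the link below:\n"
        . "http://sands.sce.ntu.edu.sg:5500/do_command.php?command=verify_user&"
        . "confirm_code=$confirm_code \n"
        . "COBL Team";

    // NOTE(review): the SMTP account name and password are hard-coded, which
    // exposes them to everyone who can read this file. Load them from
    // configuration kept outside version control and rotate the password.
    $port = 587;
    $host = "smtp.gmail.com";
    $username = "sandsntu";
    $password = "1234qweasz";

    $headers = array ('From' => $from,
                      'To' => $to,
                      'Subject' => $subject);

    $smtp = Mail::factory('smtp', array ('host' => $host,
                                         'auth' => true,
                                         'port' => $port,
                                         'username' => $username,
                                         'password' => $password));

    $mail = $smtp->send($to, $headers, $body);
    if (PEAR::isError($mail)) {
      // The error text comes from the mail library and may echo the recipient
      // address or the server reply, so escape it before placing it in markup.
      return "<p>" . htmlspecialchars($mail->getMessage(), ENT_QUOTES) . "</p>";
    }
    return "<p>Message successfully sent!</p>";
  }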

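  /**
   * Turn a pending registration into a real account.
   *
   * Finds the UnverifiedUser row for the confirmation code, copies it into
   * User (password stored as sha1), asks the user service to add the account,
   * and removes the pending row.
   *
   * @param string $confirm_code Code taken from the confirmation link (untrusted input).
   * @return string "<error>…</error>" when the code matches nothing or the account
   *                row could not be created, otherwise a success message.
   */
  function verifyUser($confirm_code) {
    // An empty or non-scalar code can never identify a registration; refuse it
    // before it reaches the query.
    if (!is_scalar($confirm_code) || (string) $confirm_code === "") {
      return "<error>No such unverified user!</error>";
    }

    // The code comes straight from the request and is placed inside a quoted
    // SQL literal, so escape it; the mysql_* API offers no parameter binding.
    $code_sql = mysql_real_escape_string((string) $confirm_code);
    $result = mysql_query("SELECT * FROM UnverifiedUser WHERE confirm_code='" . $code_sql . "'");
    if ($result === false || mysql_num_rows($result) == 0) {
      return "<error>No such unverified user!</error>";
    }
    $result_row = mysql_fetch_assoc($result);

    // Values read back from the database were user-supplied at registration and
    // are still untrusted when concatenated into a new statement.
    // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
    // password_hash()/password_verify() needs a matching change in the login
    // check, which is not visible here.
    $query = "INSERT INTO User(name, password, email) VALUES ("
           . "'" . mysql_real_escape_string($result_row['name'])
           . "','" . sha1($result_row['password'])
           . "','" . mysql_real_escape_string($result_row['email']) . "')";
    if (!mysql_query($query)) {
      // Keep the pending row so the registration is not lost, and do not
      // report success for an account that was never created.
      return "<error>Could not create user account!</error>";
    }

    // register XMPP account
    // change the secret key and port for outside server
    // NOTE(review): the service secret is hard-coded and the clear-text
    // password is sent to an http:// endpoint; keep the secret in configuration
    // outside version control and use TLS for this call.
    $user_service = new UserServicePHP('curl', 'http://sands.sce.ntu.edu.sg',
                                       'NuYd0CaM', 9000);
    // NOTE(review): the service response is not inspected; its format is not
    // visible in this file.
    $user_service->query('add', $result_row['name'],
                         $result_row['password'],
                         $result_row['name']);

    mysql_query("DELETE FROM UnverifiedUser WHERE confirm_code='" . $code_sql . "'");

    return "Verification successful! <br/>\n"
         . "You can now login to COBL.";
  }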

?>
